I will try to explain what I am doing the best I can.
I will be setting up network security for a client and I am using one of my switches to test the setup. It is an older FWS648.
I have setup the Radius and dot1x settings and have a Windows Server 2012 r2 as the Radius server.
I have two policies setup; One to authenticate users managing the switch and one to handle the port security.
The policy to authenticate users has the Condition: User group equals "SwitchAccess"
The policy for port security has the Condition: User group equals "Users". Once a computer and user is authenticated the port automatically gets put in the correct vlan.
The issue I am having is I cannot get both policies to work at the same time. If I have the Switch access policy at the top of the order I can authenticate to the switch just fine. But then if I try to authenticate a computer, the radius server just states that the user is not part of the SwitchAccess group and denies access. It never checks the next policy.
Vice versa the same thing happens if I switch the order of the policies. The computer will authenticate and the port will move to the correct vlan but then I cannot log into the switch.
Any ideas? Do I need multiple radius servers configured to achieve this?
Thanks!
No comments:
Post a Comment